Passwords are commonly used to allow a user to securely access information or interact with a given device. However, users often select a common word or phrase for the password to make it easier to remember the password. Unfortunately, certain words may be more common in certain locations; for example, one of the most common passwords in Washington, D.C. is “redskins” (i.e. the local football team). IT administrators prefer that users do not select a common word or phrase as part of the password since this jeopardizes the security of the information or device associated with the password.
Although some IT administrators try to define certain passwords as forbidden passwords that are not allowed for use, some users may choose to substitute symbols for certain characters in the forbidden password so that the user password corresponds to the forbidden password. For example, the symbol “1” can be used instead of the character “I”, or the symbol “5” can be used instead of the character “s”. The symbol “1” and the character ‘i’ are visually related to one another as are the symbol “5” and the character “s”. Accordingly, a user may attempt to subvert existing forbidden password checks by using similar looking or similar sounding passwords like “redskins” or “red5kins” in the case of preventing “redskins” for use as a password. This is not desirable since a non-authorized third party can easily determine variants for common passwords thereby uncovering the user password in these cases.